(57) For digital signature processing using a public key cryptosystem, there is provided a convenient digital signature system which facilitates control of a private key. Based on an "ID" supplied by a user, the dynamic signature encryption key control section 16 obtains registered dynamic signature data and a private key from a control database 12. The registered dynamic signature data is compared with authentication dynamic signature data sent by the user in the dynamic signature verifying section 14. When it is determined that they are identical signature data, the dynamic signature encryption key control section 16 supplies message data sent from the user, and the private key, to the encryption operation section 18. The encryption operation section 18 encrypts the message data using the private key, and sends the encrypted message data to the dynamic signature encryption key control section 16. The dynamic signature encryption key control section 16 returns signed, i.e. encrypted, message data or the like to the user. The user need not control his own private key.
Description

TECHNICAL FIELD 

[0001] The present invention relates to a public key 
cryptosystem, and in particular to a public key authenti- 
cation using digital signatures. The present invention 
further relates to a method for marking digital signatures 
using a public key cryptosystem. 

BACKGROUND ART 

[0002] As network communication has developed, 
the use of cryptosystems when exchanging messages 
has become more common. Although conventional pri- 
vate key methods remain in use, the use of public key 
cryptosystems has grown more common because con- 
ventional systems require complicated key control, as 
well as other reasons. 

[0003] In a public key cryptosystem, each person 
manages their own private key, and shares a public key 
with others. Anyone can encrypt a message using 
someone's public key, and send that encrypted mes- 
sage to him or her. Since a message encrypted using a 
public key can be decrypted only by a person holding 
the corresponding private key, a desired level of confi- 
dentiality for the message can be maintained. 
[0004] The public key cryptosystem is further distin- 
guished by the ease with which it can be used to create 
a digital signature. 

[0005] That is, a person A, wishing to distinctively mark (sign) a specific message, can do so by encrypting that message using his private key. A message encrypted using A's private key can be decrypted only using A's public key. Therefore, anyone who can decrypt the encrypted message using A's public key can thereby confirm the content of the message. Any message which can be decrypted using A's public key must in fact be a message having been encrypted using A's private key and, therefore, the fact that the message can be decrypted using A's public key automatically means that the message was encrypted using A's private key. If only person A has access to A's private key, it is safe to conclude that only A could have encrypted the message.

[0006] As described above, when it can be con- 
firmed that a process could only have been performed 
by A, that process can be considered as A's "signature". 
[0007] Therefore, for such a public key cryptosys- 
tem, such as a digital signature, to be effective, it must 
be certain that a private key is known only to its owner. 
That is, each user must strictly control any private keys 
under his responsibility. 

[0008] Keys of as long as 500 to 1000 bits have been used or suggested for public key cryptosystems to ensure cryptographic strength. However, few people are able to remember 500 to 1000 bits of data, and most people are only able to remember a password of a few digits. Therefore, generally, private keys are stored on a computer hard disk or on an IC card.

[0009] However, as a private key saved on a computer hard disk or the like could be accessible to a number of people, private keys saved on a hard disk are often protected using a password. That is, to use a private key to attach a digital signature or for other uses, the user must input a password to access the private key.

DISCLOSURE OF INVENTION 

Problems to be Solved by the Invention 

Problem 1:

[0010] In a conventional private key cryptosystem, 
each user must control their private keys, specifically 
through protection using a password or the like. 

[0011] However, shorter, more easily remembered passwords are also more easily stolen and, if exposed, are more easily remembered because they are short.

[0012] That is, as conventional private key control greatly depends on the strength of a password, there is a limit to the protection afforded by a specific private key, and "posing" by a third person is not impossible. That is, there is a significant risk of a third person posing as the authorized user, and illegally writing the user's digital signature.

[0013] Further, as control of each private key is ultimately the responsibility of each authorized user, keys such as a "company key" belonging to a corporation are also controlled by an individual. Therefore, all keys, whether individual or company, are controlled with a similar level of security, for the most part irrespective of the importance of the key.

[0014] As a result, presently, illegal use of an impor- 
tant company key is as likely to occur as illegal use of an 
individual user's personal private key. 

[0015] Also, when a certain private key becomes unnecessary, such as due to an employee transfer or authorization changes, the now redundant private key must be deleted. However, data stored on a hard disk may not be thoroughly deleted, and the private key data may remain in a recoverable state.

[0016] Still further, there has been growing demand for private keys belonging to a company itself rather than an individual. That is, a key for a company itself is desired. Such a company key may correspond to a company seal to be used by respective employees of the company. However, the present public key cryptosystem is based on an assumption that one private key is used by only one specific individual, and does not take into consideration a case where a corporate key is shared by two or more people. In other words, a mechanism in which one private key is shared by a person other than its authorized owner (a company) on behalf of the owner has not yet been established.
[0017] The present invention has been conceived in view of the above, and aims to provide a digital signature server for reliably preventing unauthorized application of a digital signature belonging to a company.

Problem 2: 

[0018] For digital signature application using a pri- 
vate key of a conventional public key cryptosystem, 
each user must be responsible for the control of their 
own private key, specifically, through protection using a 
password. 

[0019] However, shorter, more easily remembered 
passwords, are also more easily stolen and, if exposed, 
are more easily remembered because they are short. 
[0020] That is, as conventional private key control 
greatly depends on the strength of a password, there is 
a limit to the protection afforded a specific private key, 
and "posing" by a third person is not impossible. That is, 
there is a significant risk of a third person posing as the 
authorized user, and illegally creating the user's digital 
signature. 

[0021] Further, as control of each private key is ultimately the responsibility of each authorized user, keys such as a "company key" belonging to a corporation are also controlled by an individual. Therefore, all keys, whether individual or company, are controlled with a similar level of security, for the most part irrespective of the importance of the key.

[0022] As a result, presently, illegal use of an impor- 
tant company key is as likely to occur as illegal use of an 
individual user's personal private key. 
[0023] Still further, there has been growing demand 
for private keys belonging to a company itself rather 
than an individual. That is, a key for a company itself is 
desired. Such a company key may correspond to a 
company seal to be used by respective employees of 
the company. However, the present public key crypto- 
system is based on an assumption that one private key 
is used by only one specific individual, and does not 
take into consideration a case where a corporate key is 
shared by two or more people. In other words, a mech- 
anism in which one private key is shared by a person 
other than its authorized owner (a company) on behalf 
of the owner, has not yet been established.
[0024] The present invention has been conceived in 
view of the above, and aims to provide a digital signa- 
ture server for reliably preventing unauthorized applica- 
tion of a digital signature belonging to a company. 

Summary of the Invention 

Disclosure of Invention for Digital Signature Server 

[0025] The present invention relates to a digital signature server, and is characterized in that a plurality of private keys can be shared among two or more persons. According to the conventional art, a private key is owned and controlled by one person. Therefore, a mechanism has been established which allows use of the private key by only that person, which may provoke illegal conduct (posing and so on) using a stolen password, as described elsewhere in this specification.

[0026] According to the present invention, there is provided a signature preparing server which realizes a method in which a plurality of private keys are shared by two or more people.

[0027] Specifically, there is provided a digital signature preparing server for receiving message data to be digitally signed and an identifier of a user requesting the digital signature, for signing the message data using a private key of the user, and for outputting the signed message data. The digital signature preparing server comprises private key memory means for storing a private key of the user, the key being registered therein in advance, and for outputting the registered private key of the user based on an identifier of the user; and signing means for signing the message data using the private key. Further, the private key memory means is capable of handling a case where identical private keys are registered with respect to identifiers of different users.

[0028] Still further, the private key memory means is capable of handling a case where a single user has a plurality of identifiers.

[0029] Yet further, the above digital signature preparing server further comprises biometric signature data memory means for storing biometric signature data on the user, the data being registered therein in advance, and for outputting the registered biometric signature data for the user based on an identifier of the user; and detection means for comparing biometric signature data input by the user and the registered biometric signature data of the user output from the biometric signature data memory means, to detect whether or not characteristic amounts coincide between them, wherein the signing means signs message data using the private key obtained, only when the detection means determines coincidence of the characteristic amounts.

[0030] Yet further, the biometric signature data is data of a signature manually written by the user.

[0031] Yet further, the biometric signature data is data of the user's retina pattern.

[0032] Yet further, the biometric signature data is data of the user's fingerprint.

[0033] Yet further, the above digital signature preparing server according to the present invention further comprises conversion means for converting into image data the data of a signature manually written by the user as input biometric signature data; image data signing means for signing the image data, using the private key; and image data output means for outputting the signed image data.

[0034] Yet further, the private key memory means comprises an external memory means detachable from the digital signature preparing server.
[0035] Yet further, the private key memory means comprises an external memory means detachable from the digital signature preparing server, and the signing means is formed integrally to the external memory means.

EP 1 030 282 A1

[0036] Yet further, the external memory means 
comprises an IC card. 

Disclosure of Invention for Digital Signature Method 

[0037] The present invention also relates to a digital 
signing method, and is characterized by the use of bio- 
metric signature data, in addition to an ID and a pass- 
word, in user identification to achieve more reliable user 
identification. 

[0038] The present invention is further character- 
ized by the sharing of a plurality of private keys by two 
or more persons. To realize such a digital signature 
method, a data structure for "a plurality of users vs a 
plurality of private keys" is established in the memory 
means. 

[0039] According to the conventional art, a private 
key is owned and controlled by only one person. There- 
fore, a mechanism has been established which allows 
only use of the private key by only that person, which 
may provoke illegal use (posing and so on) using a sto- 
len password, as described elsewhere. 
[0040] The present invention provides a digital sig- 
nature preparing method for realizing a method in which 
a plurality of private keys are shared by a plurality of 
persons. Specifically, the following means are provided. 
[0041] In order to achieve the above object, according to the present invention, there is provided a digital signature preparing method comprising an input step of inputting message data to be digitally signed, an identifier of a user requesting the digital signature, and biometric signature data on the user; a registered biometric signature data obtaining step of obtaining registered biometric signature data on the user, the data being registered therein in advance, based on the identifier of the user; a detection step of comparing the input biometric signature data and the registered biometric signature data of the user, to detect whether or not characteristic amounts coincide between them; and a digital signing step of digitally signing the message data using the private key of the user only when the characteristic amounts are detected to coincide with each other at the detection step. Biometric signature data is biometric data for specifying an individual, such as a fingerprint, a retina pattern, and so on. Signature data is used due to various merits thereof, particularly in the following embodiments.

[0042] Further, identical private keys are possibly 
obtained with respect to identifiers of different users at 
the registered biometric signature data obtaining step. 
[0043] As identical private keys can be provided to 
different users, a company key and so on can be easily 
controlled. 

[0044] Still further, the registered biometric signature data obtaining step is capable of handling a case where a single user has a plurality of identifiers.

[0045] It is not uncommon for one person to have more than one job, function, or title. In such a case, it is preferable that he use a different digital signature for each function. Therefore, according to the present invention, one user can possess a plurality of identifiers (also referred to as IDs) so that one user can use a plurality of private keys.

[0046] Yet further, the biometric signature data is data of a signature manually written by the user.

[0047] Yet further, the biometric signature data is data of the user's retina pattern.

[0048] Yet further, the biometric signature data is data of the user's fingerprint.

[0049] Yet further, the above digital signature preparing method may further comprise a conversion step of converting the input data of a signature manually written by the user into image data, and an image data signing step of signing the image data, using the private key.

[0050] As even image data is given a signature using a private key, an image of a conventional handwritten signature can be utilized, which can help maintain similarity to a conventional system.

[0051] Also, the present invention relates to a computer readable memory medium on which is stored a program for achieving the invention as described in this specification.

[0052] Specifically, there may be provided a computer-readable recording medium containing a program which, when executed, causes the computer to follow an input step of inputting message data to be digitally signed, an identifier of a user requesting the digital signature, and biometric signature data on the user; a registered biometric signature data obtaining step of obtaining registered biometric signature data on the user, based on the identifier of the user; a detection step of comparing the input biometric signature data and the registered biometric signature data on the user, to detect whether or not characteristic amounts coincide between them; and a digital signing step for digitally signing the message data using the private key of the user only when the characteristic amounts are detected coincident with each other at the detection step.

[0053] Further, identical private keys are possibly obtained with respect to identifiers of different users at the registered biometric signature data obtaining step.

[0054] Still further, the registered biometric signature data obtaining step is capable of handling a case where a single user has a plurality of identifiers.

[0055] Yet further, the biometric signature data is 
data of a signature manually written by the user. 
[0056] Yet further, the biometric signature data is 
data of the user's retina pattern. 

[0057] Yet further, the biometric signature data is data on the user's fingerprint.

[0058] Yet further, an additional conversion step of converting the data on a signature manually written by the user into image data, and an image data signing step of signing the image data using the private key, are included in the program instructions.

BRIEF DESCRIPTION OF DRAWINGS

[0059]

Fig. 1 is a diagram for explaining a structure of a digital signature preparing server according to a first preferred embodiment of the present invention;
Fig. 2 is a diagram for explaining the control database table of Fig. 1;
Fig. 3 is a diagram for explaining a structure of a digital signature preparing server according to a second preferred embodiment of the present invention;
Fig. 4 is a diagram illustrating an IC card;
Fig. 5 is a diagram for explaining the control database table of Fig. 3;
Fig. 6 is a diagram for explaining a structure of a digital signature preparing method according to a third preferred embodiment of the present invention; and
Fig. 7 is a diagram for explaining an array of the array control module of Fig. 6.

BEST MODE FOR CARRYING OUT THE INVENTION 

[0060] In the following, preferred embodiments of the present invention will be described based on the accompanying drawings.

Embodiment 1. 

[0061] Fig. 1 is a block diagram showing a structure of a digital signature preparing server 10 according to Embodiment 1. The digital signature preparing server 10 according to this embodiment is a server operating on a network, and digitally signs a message document in response to an external request.

Input Signal 

[0062] An input 22 for the digital signature preparing server 10 includes, as shown in Fig. 1, a user "ID", a user's "authentication dynamic signature data", and "message data" which the user wishes to sign. Using a user's private key, the digital signature preparing server 10 encrypts the "message data" to thereby affix a signature thereto, and then outputs "encrypted (signed) message data".

[0063] Here, "authentication dynamic signature data" includes biometric data for specifying an individual, such as data on a user's "handwritten signature", a fingerprint, or a retina pattern. In this embodiment, authentication dynamic signature data is input by a person who wishes to use authentication, writing a "handwritten signature" on a tablet provided to a terminal, using a stylus pen and so on.

[0064] "Authentication dynamic signature data" of 
the input 22 for the digital signature preparing server 10 
is dynamic signature data which is input by a user wish- 
ing to affix a digital signature. As described above, data 
on a user's "handwritten signature", sent from the termi- 
nal tablet or the like, may be used as "authentication 
dynamic signature data". 

[0065] As shown in Fig. 1, the digital signature pre- 
paring server 10 has a control database 12 for control- 
ling individual users and their private keys. That is, 
private keys are collectively controlled by the digital sig- 
nature preparing server 10. 

[0066] This embodiment is characterized by private 
key control made by a digital signature preparing server 
10 (in the control database 12 thereof) rather than by an 
individual owner. This arrangement enables collective 
private key control, and thereby eliminates any need for 
complicated private key control by each user. 
[0067] The control database 12 stores an "ID", "registered dynamic signature data", and a "private key". Here, "registered dynamic signature data" is data on a "handwritten signature", and refers to dynamic signature data which was pre-registered in the control database 12. A user registers his dynamic signature data in advance in the control database 12, and, when using the digital signature preparing server 10, writes a signature similar to the pre-registered "registered dynamic signature data" on a tablet or the like, to thereby easily and reliably identify himself.

[0068] It should be noted that dynamic signature 
data, which is "handwritten signature" data in this 
embodiment, may be any other unique and identifiable 
biometric data, such as a fingerprint, a retina pattern, or 
the like. 

Operation 

[0069] Operation of the digital signature preparing 
server 10 will next be described. 
[0070] When the digital signature preparing server 10 is supplied with an input 22 consisting of a user's "ID", "authentication dynamic signature data", and "message data", a dynamic signature encryption key control section 16 reads from the control database 12 "registered dynamic signature data" registered with respect to the user identified by the ID. As shown in Fig. 1, the dynamic signature encryption key control section 16 supplies "ID" to the control database 12.
[0071] Subsequently, the dynamic signature encryption key control section 16 supplies "registered dynamic signature data" received from the control database 12 and "authentication dynamic signature data", a part of the input 22, to a dynamic signature verifying section 14 (see Fig. 1).

[0072] The dynamic signature verifying section 14 compares the supplied "registered dynamic signature data" and "authentication dynamic signature data" for verification to determine whether or not certain characteristics coincide between them. When the result shows that the necessary characteristics of the "registered dynamic signature data", registered in the control database 12, coincide with the supplied "authentication dynamic signature data", it is decided that both data represent biometric signature data belonging to the same person, and the verifying section therefore determines that the request for a digital signature is legitimate (i.e., the user requesting a digital signature is someone authorized to do so). Digital signature processing (described later) is then applied in the digital signature preparing server 10.
[0073] On the other hand, when the required char- 
acteristics of the "registered dynamic signature data", 
registered in the control database 12, do not coincide 
with those of the supplied "authentication dynamic sig- 
nature data", the dynamic signature verifying section 14 
(see Fig. 1) therefore determines that the input biomet- 
rics data does not belong to the registered person, and 
it is concluded that the request for digital signature is 
illegitimate. The digital signature preparing server 10 
rejects the authentication request by causing the 
dynamic signature encryption key control section 16 to 
send a rejection message to the user. 
[0074] Here, when the dynamic signature verifying 
section 14 sends data indicative of an appropriate 
authentication request to the dynamic signature encryp- 
tion key control section 16, the dynamic signature 
encryption key control section 16 causes an encryption 
operation section 18 to perform digital signature 
processing. That is, the encryption operation section 18 
encrypts the message data using a private key. 
[0075] As shown in Fig. 1, the encryption operation section 18 receives "a private key" for use in encryption and "message data" to be encrypted from the dynamic signature encryption key control section 16. In this example, the encryption operation section 18 receives "image data", in addition to "message data", as an encryption object. Then, the "message data" and "image data" are encrypted (signed) in the encryption operation section 18.

[0076] "Image data" is image data describing 
"authentication dynamic signature data" input by a user, 
in the form of an image. "Authentication dynamic signa- 
ture data" is numerical data expressing, for example, 
the dynamic of the pen with which the user has written 
a "handwritten signature", as speed, direction, pressing 
force, and so on of the pen. The data which expresses 
a "handwritten signature" in the form of an image is 
image data which is a reproduction of the dynamic of 
the pen on a 2D sheet of paper so that the signature 
data (the numerical data indicative of a pressing force 
and so on) is expressed in a visible form to aid visual 
recognition by human users. 

[0077] As described above, image data for signature data is encrypted in this embodiment because of the popular request for a readable signature in a message, though encryption of image data is not indispensable in the present invention.
[0078] After encryption of the "message data" and "image data", the encryption operation section 18 outputs resultant "encrypted message data" and "encrypted signature image data".

[0079] The dynamic signature encryption key control section 16 then sends back to the user the "encrypted message data" and "encrypted signature image data". With such an arrangement, users can readily digitally sign documents without having to themselves control a private key, because not only an ID but also biometric dynamic signature data is used for identification, and affixing a false signature through unauthorized use of a private key can be effectively prevented.

[0080] Further, the dynamic signature encryption key control section 16 also returns a "return value" to the user, the "return value" being a code referred to as a "return code" indicative of an encryption operation result.

[0081] By examining the "return value", the user can obtain detailed information as to whether the encryption operation has been duly completed or whether characteristics did not coincide between the authentication dynamic signature data and the registered authentication data for a person identified by the ID.

[0082] Further, while returning the "encrypted message data" and so on to the user, the dynamic signature encryption key control section 16 registers "encrypted message data" in the control database 20, as shown in Fig. 1. The control database 20 is a database for recording details of what digital signature processing is applied with respect to which message in response to whose request. This database 20 enables subsequent detection of unauthorized use. In this embodiment, a dedicated server for digital signature processing is provided to handle all digital signature-involved processing. Therefore, as all signature processing can be collectively controlled, information on all applications for signature processing, such as the party applying, date, and so on, can be recorded in the recording database 20.
[0083] It should be noted that the respective components of the digital signature preparing server 10 are achieved by means of a computer program. Specifically, the dynamic signature encryption key control section 16, the dynamic signature verifying section 14, the encryption operation section 18, and so on are achieved by a computer CPU constituting the digital signature preparing server 10, and a program executed by the CPU. Further, the control database 12 and the recording database 20 are achieved by a CPU, a database program to be executed by the CPU, and a memory means such as a hard disk.
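The signing principle of [0005] (signing is encryption with the private key, and anyone holding the public key can confirm it) and the request flow of [0070] to [0082] above, as one worked example in Python. This is an added illustration, not code from the patent or from any implementation of it: the toy RSA key pair, the feature-tuple representation of dynamic signature data, the tolerance, the return code names and the dictionary and list standing in for the control database 12 and the recording database 20 are all constructed assumptions.

```python
import hashlib
import time

# Constructed toy RSA key pair (p = 61, q = 53, n = 3233, e = 17, d = 2753).
# Far too small for real use; it only demonstrates the principle of [0005]:
# a value transformed with the private key is recovered with the public key.
COMPANY_PRIVATE_KEY = (2753, 3233)  # (d, n)
COMPANY_PUBLIC_KEY = (17, 3233)     # (e, n)

# Constructed stand-in for control database 12: ID -> registered dynamic
# signature data and private key. The dynamic signature data is modelled as a
# tuple of characteristic amounts (pen speed, direction, pressing force); that
# feature representation is an assumption, not something the patent specifies.
# Two directors share the company key, as in [0091].
CONTROL_DB_12 = {
    "director01": {"registered": (1.00, 0.50, 0.80), "private_key": COMPANY_PRIVATE_KEY},
    "director02": {"registered": (0.70, 0.20, 0.65), "private_key": COMPANY_PRIVATE_KEY},
}

# Assumed tolerance below which two characteristic amounts "coincide".
TOLERANCE = 0.05

# Return codes sent back as the "return value"; the names are assumptions,
# the page only says the code reports the outcome of the operation.
RC_SIGNED = 0
RC_CHARACTERISTICS_MISMATCH = 1
RC_UNKNOWN_ID = 2

# Stand-in for recording database 20: one record per request, kept so that
# unauthorized use can be detected afterwards.
RECORDING_DB_20 = []


def characteristics_coincide(registered, authentication, tol=TOLERANCE):
    """Dynamic signature verifying section 14: every characteristic amount must
    lie within the tolerance of the registered value."""
    if len(registered) != len(authentication):
        return False
    return all(abs(r - a) <= tol for r, a in zip(registered, authentication))


def digest_mod_n(data, n):
    """Sign a digest rather than the raw bytes so data of any length fits the modulus."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def encrypt_with_private_key(data, private_key):
    """Encryption operation section 18: the 'encryption' that constitutes the signature."""
    d, n = private_key
    return pow(digest_mod_n(data, n), d, n)


def verify_with_public_key(data, signature, public_key):
    """What any recipient can do with the public key to confirm the signature."""
    e, n = public_key
    return pow(signature, e, n) == digest_mod_n(data, n)


def prepare_digital_signature(user_id, authentication_data, message, image_data=None):
    """Dynamic signature encryption key control section 16: look up the user,
    verify the biometric data, sign only on a match, and record the request."""
    entry = CONTROL_DB_12.get(user_id)
    if entry is None:
        result = {"return_code": RC_UNKNOWN_ID}
    elif not characteristics_coincide(entry["registered"], authentication_data):
        result = {"return_code": RC_CHARACTERISTICS_MISMATCH}
    else:
        key = entry["private_key"]  # the private key is touched only on this branch
        result = {
            "return_code": RC_SIGNED,
            "encrypted_message_data": encrypt_with_private_key(message, key),
        }
        if image_data is not None:  # the handwritten signature rendered as an image
            result["encrypted_signature_image_data"] = encrypt_with_private_key(image_data, key)
    # Every request, successful or not, leaves a record: who, which message, outcome, when.
    RECORDING_DB_20.append({
        "id": user_id,
        "message_sha256": hashlib.sha256(message).hexdigest(),
        "return_code": result["return_code"],
        "time": time.time(),
    })
    return result


if __name__ == "__main__":
    msg = b"Purchase order 4711: approved"  # constructed message data
    out = prepare_digital_signature("director01", (1.00, 0.50, 0.80), msg, image_data=b"constructed-image-bytes")
    print(out["return_code"], verify_with_public_key(msg, out["encrypted_message_data"], COMPANY_PUBLIC_KEY))
```

The ordering is the point: key material is read only inside the branch reached after the verifying step succeeds, the return code lets the caller tell a biometric mismatch from an unknown ID without any key leaving the server, and the recording database receives an entry for rejected requests too, which is what makes later detection of misuse possible.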

Database Content 

[0084] The content of a table used in the control database 12 will next be described.

[0085] Fig. 2 is a diagram for explaining the content of two types of tables used in the control database 12. Fig. 2(1) shows an individual information control table 12a; Fig. 2(2) shows an encryption key control table 12b.

[0086] As shown in Fig. 2(1), the individual information control table 12a is a table storing a user's "ID", "registered dynamic signature data", and a "key hash value". A "key hash value" is a private key converted into a hash value, using a predetermined hash function, and utilized in an encryption key control table 12b (described later). A hash value is used here because searching for the values of a private key, which can be as long as 500 to 1000 bits, requires a relatively long time to complete.

[0087] As outlined above, a user's "ID" is used for user identification in this embodiment (see Fig. 2(1)), and one user is allowed to have a plurality of IDs. Therefore, one user who has two or more functions can use a different signature for every function.
[0088] This embodiment is characterized by the fact 
that the system accepts use of a plurality of IDs by one 
user. 

[0089] Because an individual information control table 12a is employed, a single user can control a plurality of signatures as required, and signature processing is thereby made convenient.

[0090] Further, with the configuration of this embodiment, it is possible for a plurality of users to share a single private key. That is, assignment of one key hash value to people with different IDs allows two or more people to commonly use a single private key.
[0091] For example, the above mentioned company key may be used by two or more of a company's directors. In such a case, according to this embodiment, these directors can conveniently share one company key for a digital signature system.
[0092] Fig. 2(2) shows an encryption key control table 12b. As shown, the encryption key control table 12b stores a "key hash value", a "private key" for use for signature, and a "class". A "key hash value" here is identical to that which was explained referring to Fig. 2(1). A "class" is data indicative of the relative importance of a private key and, though not required for the present invention, can be used for controlling the key.
[0093] Using the individual information control table 
12a, a "key hash value" is obtained according to each 
user's "ID". The "key hash value" is used as a key when 
searching the content of the encryption key control table 50 
12b. By locating a specific "key hash value" in the 
encryption key control table 12b, a corresponding "pri- 
vate key" can be obtained from the encryption key con- 
trol table 12b. 

[0094] As described above, a "key hash value" 55 
serves as a key to relate the individual information con- 
trol table 12a and the encryption key control table 12b. It 
should be noted that the "key hash value" in this embod- 



iment may be preferably substituted by a simple 
sequential number as long as correspondence to a pri- 
vate key is maintained. 

[0095] Also, two types of tables, one normalized 
with respect to IDs and the other normalized with 
respect to a private key, are used in this embodiment to 
achieve separate control of individual users and keys. 
This enables more efficient control because, when 
users of the digital signature preparing server 10 
increase, the individual information control table 12a 
may be accordingly adjusted, while, when the number of 
private keys are reduced, the encryption key control 
table 12b may be adjusted alone. 
[0096] However, as a control database 12 can fully 
function when corresponding registered dynamic signa- 
ture data and private keys can be obtained based on an 
ID, the individual information control table 12a and the 
encryption key control table 12b may be integrated into 
one table so that processing relating to the control data- 
base 12 is applied based on the integrated single table. 
[0097] Integration of the individual information con- 
trol table 12a and the encryption key control table 12b 
results in a table containing items, namely, a user's "ID", 
"registered signature data", a "private key", and a 
"class", while omitting a "key hash value". 
[0098] As described above, this embodiment is 
characterized by the provision of a digital signature pre- 
paring server 10, which centrally controls a private key 
for use for a digital signature. This eliminates the need 
for an individual user to control their own private key. 
Also, as sharing of one private key by a plurality of per- 
sons is allowed with the configuration of this embodi- 
ment, a company key can be smoothly used. Still 
further, as one person can control a plurality of private 
keys, a different digital signature can be used for each 
function. 

Embodiment 2.

[0099] In Embodiment 1 described above, private keys are centrally controlled in the control database 12 of the digital signature preparing server 10. Such central control, however, introduces the risk that all keys could be lost or stolen at once. To hedge against this risk, a private key may be stored in an external memory means.

[0100] If this is done, the external memory means is removed from the digital signature preparing server 10 whenever the server is not in operation and stored in a secure place. With this arrangement, the security of private keys is enhanced.

[0101] Fig. 3 is a block diagram showing the structure of a digital signature preparing server 50 adapted to storage of a private key in an external memory means.

[0102] The digital signature preparing server 50 of this embodiment differs from the digital signature preparing server 10 of the first embodiment in that a private key is stored in an external IC card. Because the private key is stored in an IC card, the digital signature preparing server 50 is provided with an IC card input/output device 58, as shown in Fig. 3.

[0103] Accordingly, a control database 52 differs from its counterpart in the first embodiment in that it stores the "device number" of the IC card holding a private key, instead of the private key itself.

[0104] Therefore, the dynamic signature encryption key control section 56 of the second embodiment supplies a "device number" instead of a "private key" to the IC card input/output device 58. Based on the supplied "device number", the IC card input/output device 58 supplies the "message data" to the IC card designated by that "device number".

[0105] The IC card 62, on receiving the "message data", encrypts it using the private key stored therein and outputs the encrypted message data.

[0106] As outlined above, in this embodiment the IC card 62 includes not only a memory means but also an operation means, so that the encryption operation is performed inside the IC card 62. As a result, the private key itself never leaves the IC card, which increases the security of the private key. That is, the private key is stored inside the IC card, and the IC card outputs the message data after encryption (signature processing).

[0107] The digital signature preparing server 50 of the second embodiment thus differs from the digital signature preparing server 10 of the first embodiment in that the encryption operation section 18 is incorporated into the IC card 62 and the private key is saved in the IC card 62. Because of these differences, the control database 52 of the second embodiment stores the "device number" of the IC card 62 holding the "private key" rather than the "private key" itself.

[0108] Other than as explained above, the digital signature preparing server 50 operates in substantially the same manner as the digital signature preparing server 10 of Embodiment 1.

Operation

[0109] As in the first embodiment, a user's "ID", "authentication dynamic signature data", and "message data" are input to the digital signature preparing server 50 (see Fig. 3). The "ID" and "authentication dynamic signature data" are sent from the dynamic signature encryption key control section 56 to the control database 52, which in turn outputs the registered dynamic signature data and the "device number" of the IC card 62 in which the private key is stored.

[0110] The dynamic signature encryption key control section 56 then sends the registered dynamic signature data received from the control database 52, together with the authentication dynamic signature data input by the user, to the dynamic signature verifying section 54. The dynamic signature verifying section 54 applies the same operation as the dynamic signature verifying section 14 and returns a verification result to the dynamic signature encryption key control section 56.

[0111] On receiving a normal verification result, the dynamic signature encryption key control section 56 sends the "message data" and "image data" to the IC card input/output device 58. Here, as described above, the dynamic signature encryption key control section 56 sends the "device number" designating the IC card 62 holding the private key, rather than the "private key" itself. The IC card input/output device 58 therefore supplies the "message data" to be signed and the "image data" (image data representing the user's handwritten signature) to the IC card 62 designated by that "device number".

[0112] Fig. 4 explains the operation of the IC card 62. As shown, the IC card 62 has a memory function for storing a private key and an operation function for the encryption operation. Using the private key stored therein, the IC card 62 encrypts the supplied "message data" and "image data", and sends the encrypted, i.e. signed, "message data" and "image data" to the dynamic signature encryption key control section 56.

[0113] Subsequently, the signed "message data" and the like are processed in the dynamic signature encryption key control section 56 in the same manner as in the digital signature preparing server 10 of the first embodiment. That is, the "encrypted message data" and so on are stored in a recording database 60, and a "return value", "encrypted message data", and "encrypted signature image data" are output.

Database Content

[0114] Fig. 5 explains the two tables contained in the control database 52 of the second embodiment. Fig. 5(1) shows an individual information control table 52a, whose content is the same as that of the individual information control table 12a of the first embodiment. Fig. 5(2) shows an encryption key control table 52b, whose content differs in part from that of the encryption key control table 12b. As shown in Fig. 5(2), in this embodiment the encryption key control table 52b does not contain the "private key" itself but an "IC card input/output device number" instead. With a table of this structure, a device number is supplied to the dynamic signature encryption key control section 56, as described with reference to Fig. 3. Note that the individual information control table 52a and the encryption key control table 52b are related to each other by means of a key hash value.

[0115] As described above, because a private key is stored in an external IC card in this embodiment, the private key can be placed under more secure control. For example, the owner of a private key may remove the IC card containing it from the IC card input/output device when the digital signature preparing server 50 is not in operation and keep it on his person. This arrangement protects private keys more reliably.

[0116] Further, as the IC card 62 is provided not only with a memory function for storing a private key but also with an encryption operation function, private key data is never output from the IC card 62. Private key security can therefore be maintained more strongly.

Modification

[0117] Besides the IC card 62 used as the external memory means in the above example, various other external memory means may be used to store a private key. For example, a floppy disk may also be used.

[0118] However, when a floppy disk is used as the private key memory means, the disk has no operation function. Therefore, in this case, unlike the arrangement described above, the digital signature preparing server 50 is provided with an encryption operation section 18 as in the first embodiment, except that the encryption operation section 18 here receives a "device number" instead of a "private key". The encryption operation section 18 reads the private key from the floppy disk or the like designated by the "device number", and then applies the encryption operation using the private key so read.

[0119] Alternatively, the encryption key control table used in the control database 12 of the first embodiment is stored in an external memory means; that is, the control database 12 is constructed using an external memory means. With this structure, a private key can be protected more reliably by removing the external memory means from the digital signature preparing server 50 while it is not in operation.
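The following Python model is added here as an illustration; it is not code from the patent. It puts the control database of Embodiment 1 (Fig. 2) and the IC card arrangement of Embodiment 2 (Figs. 3 to 5) side by side: both share the individual information table keyed by "ID", the encryption key table keyed by the "key hash value", and the biometric check that gates signing, and they differ only in whether a key table row holds the private key (signing in the server's encryption operation section 18) or a device number (signing inside IC card 62). Textbook RSA over two publicly known Mersenne primes stands in for "encryption with the private key" so the example runs without any library; the key pairs, IDs, feature vectors, tolerance and return codes are constructed for the example and are not from the patent. The same two-table layout reappears as the arrays of Embodiment 3.

```python
"""Model of the digital signature preparing server of Embodiments 1 and 2.
Added illustration, not the patent's own code.  Textbook RSA over two
publicly known Mersenne primes stands in for "encryption with the private
key"; a real deployment uses properly generated keys and a padded scheme."""
from __future__ import annotations
import hashlib
from dataclasses import dataclass

E = 65537

def toy_rsa_key(p: int, q: int) -> tuple[int, int]:
    """Return (n, d) for primes p, q.  Illustration only: the primes used
    below are public, so these keys protect nothing."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def rsa_sign(message: bytes, d: int, n: int) -> int:
    """'Encrypt' the SHA-256 digest with the private exponent (textbook RSA)."""
    h = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return pow(h, d, n)          # n > 2**256 for the keys below, so h < n

def rsa_verify(message: bytes, signature: int, n: int) -> bool:
    h = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return pow(signature, E, n) == h

def key_hash(d: int) -> str:
    """'Key hash value' joining the individual table to the key table: a
    digest of the private key, so the long key itself is never searched on."""
    return hashlib.sha256(d.to_bytes((d.bit_length() + 7) // 8, "big")).hexdigest()[:16]

@dataclass
class IndividualRecord:            # row of individual information table 12a / 52a
    registered_signature: tuple    # assumed: registered dynamic signature data as
                                   # a feature vector (speed, direction, pressure)
    key_hash: str

@dataclass
class KeyRecord:                   # row of encryption key table 12b / 52b
    n: int                         # public modulus, needed only by verifiers
    private_key: int | None = None     # Embodiment 1: key kept in the server
    device_number: str | None = None   # Embodiment 2: key kept in an IC card
    key_class: str = "normal"

class ICCard:
    """Embodiment 2: memory function plus operation function; the private
    exponent is set once and only ever used inside sign()."""
    def __init__(self, d: int, n: int):
        self._d, self._n = d, n
    def sign(self, message: bytes) -> int:
        return rsa_sign(message, self._d, self._n)

class SignatureServer:
    TOLERANCE = 0.15   # assumed per-feature tolerance of the verifying section

    def __init__(self, individuals: dict, keys: dict, card_reader: dict):
        self.individuals, self.keys, self.card_reader = individuals, keys, card_reader

    @classmethod
    def signatures_match(cls, registered: tuple, presented: tuple) -> bool:
        return len(registered) == len(presented) and all(
            abs(a - b) <= cls.TOLERANCE for a, b in zip(registered, presented))

    def prepare(self, user_id: str, presented: tuple, message: bytes):
        """Return (return value, signature).  The key is touched only after
        the presented dynamic signature matches the one registered for the ID."""
        rec = self.individuals.get(user_id)
        if rec is None:
            return "ERR_UNKNOWN_ID", None
        if not self.signatures_match(rec.registered_signature, presented):
            return "ERR_SIGNATURE_MISMATCH", None
        key = self.keys[rec.key_hash]            # key hash value joins the tables
        if key.private_key is not None:          # Embodiment 1 path
            return "OK", rsa_sign(message, key.private_key, key.n)
        card = self.card_reader.get(key.device_number)   # Embodiment 2 path
        if card is None:
            return "ERR_CARD_ABSENT", None       # card removed from the reader
        return "OK", card.sign(message)

# Constructed sample data: two directors share the company key, which lives
# on IC card CARD-01; Tanaka also has a personal ID with a server-held key.
COMPANY_N, COMPANY_D = toy_rsa_key(2**127 - 1, 2**521 - 1)
PERSONAL_N, PERSONAL_D = toy_rsa_key(2**107 - 1, 2**607 - 1)
TANAKA_SIG = (0.80, 1.20, 0.55)   # constructed registered feature vectors
SUZUKI_SIG = (0.40, 2.10, 0.70)

def build_demo():
    keys = {
        key_hash(COMPANY_D): KeyRecord(COMPANY_N, device_number="CARD-01", key_class="high"),
        key_hash(PERSONAL_D): KeyRecord(PERSONAL_N, private_key=PERSONAL_D),
    }
    individuals = {
        "tanaka-director": IndividualRecord(TANAKA_SIG, key_hash(COMPANY_D)),
        "suzuki-director": IndividualRecord(SUZUKI_SIG, key_hash(COMPANY_D)),
        "tanaka-personal": IndividualRecord(TANAKA_SIG, key_hash(PERSONAL_D)),
    }
    reader = {"CARD-01": ICCard(COMPANY_D, COMPANY_N)}   # card plugged into device 58
    return SignatureServer(individuals, keys, reader), reader

if __name__ == "__main__":
    server, reader = build_demo()
    print(server.prepare("tanaka-director", TANAKA_SIG, b"approve budget")[0])
    print(server.prepare("tanaka-director", SUZUKI_SIG, b"approve budget")[0])
    reader.pop("CARD-01")
    print(server.prepare("suzuki-director", SUZUKI_SIG, b"approve budget")[0])
```

In the Embodiment 2 path the key table row holds no private exponent at all, so removing the card (popping it from the reader dictionary) makes signing fail with ERR_CARD_ABSENT instead of exposing anything, whereas in the Embodiment 1 path anyone who can read the table can sign; that asymmetry is the point of [0115] and [0116]. Because the two directors resolve to the same key hash value, their signatures over the same message are identical, which is what "sharing one company key" means here.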

Embodiment 3.

[0120] In Embodiment 3, user identification is carried out on the computer used by a user, based not only on the user's ID or the like but also on his authentication dynamic signature data, and digital signature processing is applied using the private key of the user thus identified.

[0121] Specifically, the third embodiment is achieved using a program operable on a computer.

[0122] Fig. 6 shows the structure of the program modules according to the third embodiment. As shown, a main program contains a dynamic signature encryption key control module 110, a dynamic signature verification module 112, an encryption operation module 114, and an array control module 116.

[0123] In the third embodiment, a program containing these modules is employed to create a signature on input message data in response to a user's request.

Input Signal

[0124] Characteristic points of this embodiment will first be described, with emphasis on the signal supplied to the program.

[0125] As shown in Fig. 6, an input 122 contains a user's "ID", "authentication dynamic signature data", and the "message data" which the user wishes to sign. With this program, the "message data" is encrypted using the user's private key, thereby signing the "message data", and the "encrypted (signed) message data" is then output.

[0126] Here, authentication dynamic signature data is biometric data identifying a specific individual, such as data on a user's "handwritten signature", fingerprint, retina pattern, or the like. In this embodiment, a user wishing to be authenticated writes a "handwritten signature" on a tablet or similar input device provided as a peripheral of the computer, thereby inputting authentication dynamic signature data.

[0127] The "authentication dynamic signature data" contained in the input 122 to this program is the dynamic signature data input by a user wishing to apply a digital signature. As described above, data on a user's "handwritten signature" input via a tablet terminal may be used as the "authentication dynamic signature data".

[0128] The "authentication dynamic signature data" is compared with the "registered dynamic signature data" held beforehand in an array of the array control module 116. This comparison and verification are carried out in the dynamic signature verification module 112. As described above, because biometric data is used for user identification in this embodiment, application of a digital signature by an unauthorized person can be effectively prevented. The flow of the identification process will be described later.

[0129] Also, as shown in Fig. 6, this program contains an array control module 116 for controlling individual user "IDs" and "private keys". Specifically, an "ID" and a "private key" are stored in an array. The "registered dynamic signature data" described above is likewise controlled by the array control module 116 as data stored in an array.

[0130] The third embodiment is characterized by the fact that a private key or the like is not stored in a specific hardware device such as an IC card, but is instead incorporated into software stored on an appropriate medium. The incorporation may be achieved by various conventional methods; for example, in this embodiment a user's "ID", "private key", and the like may be stored in a data array.

[0131] As described above, because in the present embodiment a private key is incorporated into the software, an unauthorized person, even one who has stolen or otherwise copied or obtained the software, cannot abuse the program by, for example, using a regular private key under an incorrect ID. The program remains secure because the "ID" and the content of the "private key" are incorporated into the program and cannot readily be rewritten by a person other than the creator of the program.

[0132] The third embodiment is characterized by the fact that a private key is controlled not by the individual user who owns it, but by a software program. With this arrangement, private keys can be centrally controlled, freeing users from a complicated private key control process.

[0133] It should be noted that the dynamic signature data, exemplified by "handwritten signature data" in the above description, may be any other data capable of biometric identification of an authorized user, such as a fingerprint, retina pattern, or the like.

Operation

[0134] Operation of the digital signature preparation method according to the present invention will next be described, with emphasis on the flow of program processing.

[0135] In the program according to the third embodiment, upon receipt of an input 122 consisting of a user's "ID", "authentication dynamic signature data", and "message data", the dynamic signature encryption key control module 110 reads from the array control module 116 the "registered dynamic signature data" registered for the user identified by that ID. As shown in Fig. 6, the dynamic signature encryption key control module 110 supplies the "ID" to the array control module 116, which searches the data stored in the array using the "ID" as a key and outputs the "registered dynamic signature data" and a "private key".

[0136] The "registered dynamic signature data" output from the array control module 116 is supplied to the dynamic signature verification module 112, as shown in Fig. 6. Meanwhile, the dynamic signature encryption key control module 110 supplies the "authentication dynamic signature data" input by the user to the dynamic signature verification module 112.

[0137] The dynamic signature verification module 112 then compares the supplied "authentication dynamic signature data" with the "registered dynamic signature data" for verification, and outputs the result to the dynamic signature encryption key control module 110.

[0138] When the characteristics of the "registered dynamic signature data" coincide with those of the "authentication dynamic signature data" input by the user, it is determined that both sets of biometric signature data belong to the same person, and the request for a digital signature is judged appropriate (i.e., made by an authorized user). In this case, the dynamic signature verification module 112 sends the comparison result "normal" to the dynamic signature encryption key control module 110, and digital signature processing (described later) is executed in the encryption operation module 114.

[0139] However, when the characteristics of the "registered dynamic signature data" registered in advance in the array control module 116 do not coincide with those of the input "authentication dynamic signature data", and the dynamic signature verification module 112 (see Fig. 6) determines that the two are not biometric signature data belonging to the same person, the request for a digital signature is concluded not to be legitimate. The program therefore rejects the user's request and sends a rejection message to the user via the dynamic signature encryption key control module 110.

[0140] When the dynamic signature verification module 112 sends a "normal" result message to the dynamic signature encryption key control module 110, the dynamic signature encryption key control module 110 causes the encryption operation module 114 to apply digital signature processing; that is, the encryption operation module 114 encrypts the message data using the private key.

[0141] It should be noted that the private key has already been output from the array control module 116, as shown in Fig. 6, so that the encryption operation module 114 can carry out the encryption operation, i.e. digital signature processing, using that private key.

[0142] As shown in Fig. 6, the encryption operation module 114 receives the "message data" to be encrypted from the dynamic signature encryption key control module 110 and, in this embodiment, additionally receives "image data" to be encrypted as well. The encryption operation module 114 encrypts (signs) both the "message data" and the "image data".

[0143] "Image data" here is image data representing, in image form, the "authentication dynamic signature data" input by the user. "Authentication dynamic signature data" is numerical data expressing the dynamics of the pen with which the user writes a "handwritten signature", such as speed, direction, and pressing force. The data expressing the "handwritten signature" in image form is a reproduction of the pen's movement on a sheet of paper, so that the signature data (the numerical data indicating pressing force and so on) is expressed in visible form to aid visual recognition by human users.

[0144] Conversion of the "authentication dynamic signature data" into image data is carried out in the dynamic signature encryption key control module 110, and the converted image data is supplied to the encryption operation module 114, as shown in Fig. 1.

[0145] As described above, the image data of the signature is encrypted in this embodiment because there is a demand to include a signature in visible form in a message. Encryption of image data is not, however, a requirement of the present invention.
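As an added illustration (not the patent's code) of the conversion described in [0143] and [0144], the following Python derives from raw tablet samples the per-segment speed, direction and pressing force, i.e. the "characteristics" that the verification module compares in [0138] and [0139], and renders the same samples as a character bitmap standing in for the "image data". The sample format (x, y, pressure, time in milliseconds), the tolerances, and the pen samples themselves are assumptions constructed for the example.

```python
"""Added illustration (not the patent's code): raw pen samples from a tablet
become (a) numerical dynamic signature data, the speed, direction and
pressing force per stroke segment used for comparison, and (b) image data
reproducing the pen trace so that a human can see the signature."""
import math

# Constructed pen samples: (x, y, pressure, time_ms) as a tablet might report.
SAMPLE_SIGNATURE = [
    (0, 0, 0.5, 0), (2, 1, 0.6, 10), (4, 3, 0.7, 20), (6, 3, 0.7, 30),
    (8, 1, 0.6, 40), (10, 0, 0.4, 50),
]
# Same person signing again: same trace and timing, slightly firmer pen.
GENUINE_RETRY = [(x, y, p + 0.05, t) for x, y, p, t in SAMPLE_SIGNATURE]
# A tracing of the visible shape: identical positions, but three times slower.
FORGERY = [(x, y, p, t * 3) for x, y, p, t in SAMPLE_SIGNATURE]

def characteristics(samples):
    """Speed, direction (radians) and pressing force for each segment between
    consecutive samples; this is the 'dynamic' part a traced image lacks."""
    feats = []
    for (x0, y0, p0, t0), (x1, y1, p1, t1) in zip(samples, samples[1:]):
        dx, dy, dt = x1 - x0, y1 - y0, max(t1 - t0, 1)
        feats.append((math.hypot(dx, dy) / dt, math.atan2(dy, dx), (p0 + p1) / 2))
    return feats

def characteristics_match(registered, presented, tol=(0.05, 0.3, 0.15)):
    """Registered and authentication data 'coincide' when every segment's
    speed, direction and pressure lie within the assumed tolerances."""
    if len(registered) != len(presented):
        return False
    for (rs, rd, rp), (ps, pd, pp) in zip(registered, presented):
        angle = abs((rd - pd + math.pi) % (2 * math.pi) - math.pi)  # wrap at +-pi
        if abs(rs - ps) > tol[0] or angle > tol[1] or abs(rp - pp) > tol[2]:
            return False
    return True

def to_image(samples, width=12, height=5):
    """Rasterise the trace into a character bitmap: segments drawn with heavier
    pressure use '#', lighter ones '.', so the image reflects the recorded
    pen dynamics as well as the shape."""
    xs, ys = [s[0] for s in samples], [s[1] for s in samples]
    x_min, y_min = min(xs), min(ys)
    sx = (width - 1) / max(max(xs) - x_min, 1)
    sy = (height - 1) / max(max(ys) - y_min, 1)
    grid = [[" "] * width for _ in range(height)]
    for (x0, y0, p0, _), (x1, y1, p1, _) in zip(samples, samples[1:]):
        ink = "#" if (p0 + p1) / 2 >= 0.6 else "."
        steps = max(abs(x1 - x0), abs(y1 - y0), 1) * 2
        for i in range(steps + 1):              # interpolate along the segment
            f = i / steps
            col = round((x0 + (x1 - x0) * f - x_min) * sx)
            row = round((y0 + (y1 - y0) * f - y_min) * sy)
            grid[row][col] = ink
    return ["".join(row) for row in grid]

if __name__ == "__main__":
    print("\n".join(to_image(SAMPLE_SIGNATURE)))
    reg = characteristics(SAMPLE_SIGNATURE)
    print("retry matches:", characteristics_match(reg, characteristics(GENUINE_RETRY)))
    print("forgery matches:", characteristics_match(reg, characteristics(FORGERY)))
```

The forgery has exactly the same image as the genuine signature, which is why the verification module compares the numerical characteristics rather than the picture: the traced copy fails on speed alone. The image is what gets signed alongside the message so a reader can see the signature; it is not what authenticates the signer.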

[01 46] After encrypting "message data" and "image 
data", the encryption operation module 1 14 outputs the 
"encrypted message data" and "encrypted signature 
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image data". 

[0147] The dynamic signature encryption key con- 
trol module 110 then sends back to the user the 
"encrypted message data" and "encrypted signature 
image data". With this arrangement, the user can easily 5 
apply signature processing, yet need not control his 
own private key. In particular, as not just an ID, but also 
biometric dynamic signature data is used for identifica- 
tion in this embodiment, affixing of a signature with 
unauthorized use of a private key can be effectively pre- w 
vented. 

[0148] Further, the dynamic signature encryption 
key control module 110 returns also "a return value" to 
the user, a "return value" being a kind of code referred 
to as "a return code" indicative of an encryption opera- 15 
tion result. 

[0149] By examining the "return value", the user 
can obtain detailed information as to whether or not the 
encryption operation has been duly completed or 
whether or not characteristics matched between regis- 20 
tered authentication data and authentication dynamic 
signature data for a person identified by the ID. 
[0150] It should be noted that the respective com- 
ponents of the digital signature preparing method 
according to the present invention are achieved by 25 
means of a software program. 

[0151] Specifically, the dynamic signature encryp- 
tion key control module 110 corresponds to an input 
step and so on. The dynamic signature encryption key 
control module 110 achieves, in cooperation with the 30 
dynamic signature verification module 112, a detection 
step of the present invention; the dynamic signature 
encryption key control module 1 10 achieves, in cooper- 
ation with the array control module 116. a registered 
dynamic signature data obtaining step; and the dynamic 35 
signature encryption key control module 110 achieves, 
in cooperation with the encryption operation module 
1 1 4, a digital signing step. 

[0152] The dynamic signature encryption key con- 
trol module 1 10 achieves a conversion step for conver- 40 
sion into image data. 

[0153] Further, the software comprising the above 
modules is stored in a computer readable memory 
medium 200 when the computer is not operated. The 
memory medium 200 is generally a hard disk, and alter- 45 
natively may be any appropriate computer readable 
memory medium, such as a magnetic disk or an optical 
disk. 

Array Content so 

[0154] The content of an array used in the array 
control module 1 1 6 will next be described. 
[0155] Fig. 7 is a diagram for explaining the content 
of two types of arrays which are used in the array control 55 
module 116. Fig. 7(1) shows an individual information 
array 120a, while Fig. 7(2) shows an encryption key 
array 120b. 



[01 56] As shown in Fig. 7(1 ), the individual informa- 
tion array 120a is an array storing a user's "ID", "regis- 
tered dynamic signature data", and "a key hash value". 
A "key hash value" is a private key converted into a hash 
value using .a predetermined hash function, and is uti- 
lized in the encryption key array 120b (described later). 
A hash value is used here because searching using the 
value of a private key, which may be as long as 500 to 
1000 bits, requires a relatively long time to complete. 
[01 57] As described above, a user's "ID" is used for 
user identification in this embodiment (see Fig. 7(1)), 
and one user is allowed to have a plurality of IDs. There- 
fore, one user who has two or more functions can use a 
different signature for each function. 
[01 58] This embodiment is characterized by the fact 
that the system accepts use of a plurality of IDs by one 
user. 

[0159] Because an individual information array 
120a is employed, a single user can use a plurality of 
signatures as required, and signature processing is 
thereby made convenient. 

[01 60] Further, with the configuration of this embod- 
iment, it is possible for a plurality of users to share a sin- 
gle private key. That is, assignment of one key hash 
value to people with different IDs allows two or more 
people to commonly use a single private key. 
[0161] For example, a company key may be used 
by two or more directors. In such a case, according to 
this embodiment, these directors can share one com- 
pany key, thereby creating a convenient digital signature 
system. 

[0162] It is also possible, when one computer is 
shared by a plurality of users, that each user has his 
own private key, and that an additional common key is 
shared by the plurality of users. 
[0163] Fig. 7(2) shows an encryption key array 
120b. As can be seen from the figure, the encryption 
key array 120b stores a "key hash value", a "private key" 
for signature uses, and a "class". A "key hash value" 
here is the same as that which was explained above 
while referring to Fig. 7(1). A "class'' is data indicative of 
importance of a private key, and is used for control of 
the key; it is not, however, a requirement the present 
invention. 

[0164] Using the individual information array 120a, 
a "key hash value" is obtained according to an "ID" of 
each user. The "key hash value" is used as a key in 
searching the content of the encryption key array 1 20b. 
That is. by finding a concerned "key hash value" in the 
encryption key array 120b, a corresponding "private 
key" can be known from the encryption key array 120b. 
[0165] As described above, a "key hash value" 
serves as a key to relate the individual information array 
120a and the encryption key array 120b. Note that the 
"key hash value" in this embodiment may preferably be 
substituted by a simple consequence number as long 
as it corresponds to a private key. 
[0166] Also, two types of arrays, one normalized 
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with respect to IDs and the other normalized with 
respect to a private key, are used in this embodiment for 
separate management of individual users and keys. 
This enables efficient management because, when the 
number of users of the digital signature preparing 5 
method according to this embodiment increases, the 
individual information array 120a may be accordingly 
adjusted, while, when the types of private keys are 
reduced, just the encryption key array 120b may be 
adjusted. w 
[0167] However, as an array control database 116 
is fully functional when corresponding registered 
dynamic signature data and private key can be obtained 
based on an ID, the individual information array 120a 
and encryption key array 120b may be integrated into a 15 
single array so that processing relating to the array con- 
trol module 116 can be applied based on the integrated 
single array. 

[0168] Integration of the individual information array 
120a and encryption key array 120b results in an array 20 
containing items including a user's "ID", "registered sig- 
nature data", a "private key", and a "class", while omit- 
ting a "key hash value". 

[0169] As described above, this embodiment is 
characterized by the provision of a program for centrally 25 
controlling a private key for use for digital signature. In 
particular, as a private key is saved in the form of an 
array in the program, it is extremely difficult for a person 
other than the program's creator to delete or forge a pri- 
vate key in the program, or to newly add a key. 30 
[0170] Further, as biometric signature data is used 
for identification in this embodiment, more accurate 
identification can be achieved, which can effectively pre- 
vent an unauthorized person from "posing" or the like. 
[0171] Therefore, even if a third party were able to 35 
obtain the program according to this embodiment, he 
would not be able to use the private key. Because pro- 
gram forging to abuse a private key is extremely difficult, 
digital signature can be safely and reliably utilized. Also, 
as sharing of one private key by a plurality of persons is 40 
accepted in this embodiment, a company key can be 
smoothly used. Further, as holding of a plurality of pri- 
vate keys by one person is also accepted, a different 
digital signature can be applied for every function. 
[01 72] As described above, the third embodiment is 45 
characterized by the following: 

(1) Because of the use of biometric signature data, 
each user oan access a private key if he remem- 
bers only his ID, which is generally shorter than a so 
typical password; 

(2) As each user is required only to manually write 
his signature on a tablet for identification, smooth 
transition from a conventional signature using a 
sheet of paper can be realized; and 55 

(3) As image data of "handwritten signature data" 
which is used for authentication upon necessity can 
be utilized, consistency and similarity with a con- 
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ventional manual signature can be maintained. 

Advantages of the Present Invention 

[0173] As described above, according to the present invention, there is provided a digital authentication system comprising a memory means for storing a private key, whereby the need for each user to control his private key is eliminated. With this arrangement, control of a private key is facilitated.

[0174] Also, according to the present invention, as a plurality of users can share one private key, a company key can be readily controlled, and a substitutional signature can be easily added.

[0175] Further, according to the present invention, as one user can own a plurality of private keys, he can advantageously use a different digital signature for every function or job title.

[0176] Still further, according to the present invention, as biometric signature data is used for user identification, unauthorized use can be reliably prevented, providing a very safe digital signature system.

[0177] Yet further, according to the present invention, as a handwritten signature is one type of biometric signature data employed, users can be reliably identified.

[0178] Yet further, according to the present invention, as a retina pattern is one type of biometric signature data employed, users can be reliably identified.

[0179] Yet further, according to the present invention, as a fingerprint is one type of biometric signature data employed, users can be reliably identified.

[0180] Yet further, according to the present invention, as a signature is affixed to image data of a handwritten signature, a manually written signature can be perceived as an image.

[0181] Also, as a private key is held by means of a detachable external memory means, the safety of a private key can be enhanced when the external memory means is removed from a server and stored elsewhere.

[0182] Further, when a signing means is formed integrally with the external memory means, a private key is never taken outside the external memory means, which can further enhance the safety of a private key.

[0183] Still further, according to the present invention, an IC card is used as an external memory means. When the IC card is formed to incorporate a memory means and an operation means, a digital signature preparing system can be readily realized.

[0184] Yet further, according to the present invention, as biometric signature data is used for user identification, user identification can be made more reliably.

[0185] Yet further, according to the present invention, as a plurality of users can share one private key, a company key can be readily controlled, and a substitutional signature can be easily added.

[0186] Yet further, according to the present invention, as one user can own a plurality of private keys, that user can advantageously use a different digital signature for every function or job title.

[0187] Yet further, according to the present invention, as a handwritten signature is one type of biometric signature data employed, users can be reliably identified.

[0188] Yet further, according to the present invention, as a retina pattern is one type of biometric signature data employed, users can be reliably identified.

[0189] Yet further, according to the present invention, as a fingerprint is one type of biometric signature data employed, users can be reliably identified.

[0190] Yet further, according to the present invention, as a signature is affixed to image data of a handwritten signature, a manually written signature can be perceived as an image.

[0191] Yet further, as the present invention relates to a computer readable memory medium, information on a private key, and so on, is contained in a program.

[0192] Therefore, according to the present invention, the above advantages, as well as the additional advantage that abuse of a private key can be prevented even when the key is copied by a third person, can be readily achieved.
Claims

1. A digital signature preparing server for receiving message data to be digitally signed and an identifier of a user requesting a digital signature, for signing the message data using a private key of the user, and for outputting the message data signed,

the digital signature preparing server comprising:

private key memory means for storing the private key of the user, the key being registered therein in advance, and for outputting the registered private key of the user based on the identifier of the user; and

signing means for signing the message data using the private key.

2. A digital signature preparing server according to claim 1, wherein the private key memory means is capable of handling a case where identical private keys are stored with respect to identifiers of different users.

3. A digital signature preparing server according to claim 1, wherein the private key memory means is capable of handling a case where one user has a plurality of identifiers.

4. A digital signature preparing server according to any one of claims 1, 2, and 3, further comprising

biometric signature data memory means for storing biometric signature data on the user, the data being registered therein in advance, and for outputting the registered biometric signature data on the user based on an identifier of the user; and

detection means for comparing input biometric signature data input by the user and the registered biometric signature data on the user, output by the biometric signature data memory means, to detect whether or not characteristic amounts coincide between them,

wherein

the signing means signs the message data using the private key obtained, only when the detection means determines coincidence of the characteristic amounts.

5. A digital signature preparing server according to claim 4, wherein the biometric signature data is data on a signature manually written by the user.

6. A digital signature preparing server according to claim 4, wherein the biometric signature data is data on the user's retina pattern.

7. A digital signature preparing server according to claim 4, wherein the biometric signature data is data on the user's fingerprint.

8. A digital signature preparing server according to claim 5, further comprising

conversion means for converting into image data the input biometric signature data, specifically, the data on a signature manually written by the user;

image data signing means for signing the image data, using the private key; and

image data output means for outputting the image data signed.

9. A digital signature preparing server according to any one of claims 1, 2, and 3, wherein the private key memory means comprises an external memory means detachable from the digital signature preparing server.

10. A digital signature preparing server according to any one of claims 1, 2, and 3, wherein the private key memory means comprises an external memory means detachable from the digital signature preparing server, and the signing means is formed integrally with the external memory means.

11. A digital signature preparing server according to claim 10, wherein the external memory means comprises an IC card.

12. A digital signature preparing method, comprising:

an input step of inputting message data to be digitally signed, an identifier of a user requesting a digital signature, and biometric signature data on the user;

a registered biometric signature data obtaining step of obtaining registered biometric signature data on the user based on the identifier of the user;

a detection step of comparing the input biometric signature data and the registered biometric signature data on the user, to detect whether or not characteristic amounts coincide between them; and

a digital signing step of digitally signing the message data using the private key of the user only when the characteristic amounts are detected coincident with each other at the detection step.



13. A digital signature preparing method according to claim 12, wherein identical private keys are able to be obtained with respect to identifiers of different users at the registered biometric signature data obtaining step.

14. A digital signature preparing method according to claim 12, wherein the registered biometric signature data obtaining step is capable of handling a case where one user has a plurality of identifiers.
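As an added illustration, not part of the patent's text, the following Go program implements the method of claims 12 to 14: the server keeps the registered private keys and biometric templates, the detection step compares feature vectors, and signing happens only on coincidence; the identifiers "alice" and "bob" sharing one key correspond to claim 13. The feature vectors, identifiers, tolerance and the all-zero Ed25519 seed are constructed for the demo and are assumptions, not values from the patent.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
	"math"
)
// SigningServer holds users' private keys and biometric templates; identifiers may share one key.
type SigningServer struct {
	Keys      map[string]ed25519.PrivateKey // identifier -> registered private key
	Templates map[string][]float64          // identifier -> registered feature vector
	Tolerance float64                       // largest distance still counted as coincident
}

// FeaturesMatch is the detection step: constructed feature vectors stand in for the
// "characteristic amounts" and coincide when their Euclidean distance is within Tolerance.
func (s *SigningServer) FeaturesMatch(sample, template []float64) bool {
	if len(sample) != len(template) {
		return false
	}
	var sum float64
	for i := range sample {
		d := sample[i] - template[i]
		sum += d * d
	}
	return math.Sqrt(sum) <= s.Tolerance
}

// Sign is the signing step: the key never leaves the server and is used only after the check passes.
func (s *SigningServer) Sign(id string, sample []float64, msg []byte) ([]byte, error) {
	key, haveKey := s.Keys[id]
	tmpl, haveTmpl := s.Templates[id]
	if !haveKey || !haveTmpl {
		return nil, errors.New("unknown identifier")
	}
	if !s.FeaturesMatch(sample, tmpl) {
		return nil, errors.New("biometric mismatch: signing refused")
	}
	return ed25519.Sign(key, msg), nil
}

func main() { // constructed demo: "alice" and "bob" share one company key, each with own template
	key := ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize)) // all-zero seed, demo only
	srv := &SigningServer{Keys: map[string]ed25519.PrivateKey{"alice": key, "bob": key},
		Templates: map[string][]float64{"alice": {1, 2, 3}, "bob": {4, 4, 4}}, Tolerance: 0.5}
	sig, err := srv.Sign("alice", []float64{1.1, 1.9, 3}, []byte("purchase order 42"))
	_, bad := srv.Sign("alice", []float64{4, 4, 4}, []byte("purchase order 42")) // Bob's features
	fmt.Println(len(sig), err, bad) // 64 <nil> biometric mismatch: signing refused
}
```

The public key obtained from `key.Public()` is all a verifier needs; the private key itself is only ever read inside `Sign`.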

15. A digital signature preparing method according to any one of claims 12, 13, and 14, wherein the biometric signature data is data on a signature manually written by the user.

16. A digital signature preparing method according to any one of claims 12, 13, and 14, wherein the biometric signature data is data on the user's retina pattern.

17. A digital signature preparing method according to any one of claims 12, 13, and 14, wherein the biometric signature data is data on the user's fingerprint.

18. A digital signature preparing method according to claim 16, further comprising

a conversion step of converting into image data the input biometric signature data, specifically, the data on a signature manually written by the user, and

an image data signing step of signing the image data, using the private key.


19. A computer-readable recording medium containing a program which, when executed, causes the computer to follow

an input step of inputting message data to be digitally signed, an identifier of a user requesting a digital signature, and biometric signature data on the user;

a registered biometric signature data obtaining step of obtaining registered biometric signature data on the user based on the identifier of the user;

a detection step of comparing the input biometric signature data and the registered biometric signature data on the user, to detect whether or not characteristic amounts coincide between them; and

a digital signing step of digitally signing the message data using the private key of the user only when the characteristic amounts are detected coincident with each other at the detection step.

20. A computer-readable recording medium according to claim 19, wherein identical private keys are able to be obtained with respect to identifiers of different users at the registered biometric signature data obtaining step.

21. A computer-readable recording medium according to claim 19, wherein the registered biometric signature data obtaining step is capable of handling a case where one user has a plurality of identifiers.

22. A computer-readable recording medium according to any one of claims 19, 20, and 21, wherein the biometric signature data is data on a signature manually written by the user.

23. A computer-readable recording medium according to any one of claims 19, 20, and 21, wherein the biometric signature data is data on the user's retina pattern.

24. A computer-readable recording medium according to any one of claims 19, 20, and 21, wherein the biometric signature data is data on the user's fingerprint.

25. A computer-readable recording medium according to claim 22, which causes the additional steps of

a conversion step of converting into image data the input biometric signature data, specifically, the data on a signature manually written by the user, and

an image data signing step of signing the image data, using the private key.